Monday, February 24, 2014

De-teaser and what is coming to town...

In the last post I hinted at what was happening and let the imagination fly; now here are some details:


The icon the arrow points at shows that the application performed some activity on the hard drive after the install button was pressed; right-click on it and we can see...


So we can see in detail what actually happened, file by file, filtered to whatever level of detail we want.
This is not limited to what an app writes to the hard disk; changes in the registry and network activity are recorded too.
What is it used for? The first obvious application is that the crawler can reset the whole thing, go to the selected directory, leave the hard disk with less free space than the application needs and press the install button, so we can see what happens when somebody tries to install with little disk space.
The same applies to network activity: it would be possible to cut off the network before (or during) an action that uses the network and record what happens, and so on; you get the idea, right?
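To make the "what did the app do to the disk" recording concrete, here is an added example in Python that is not code from the original post or from the murphy project. It takes a snapshot of a directory tree before and after an action (standing in for "press the install button"), diffs the two snapshots into created, modified and deleted files, and from the recorded footprint computes how much free space a replay would need, which is the number you would push the free space below to reproduce the low-disk scenario. The installer it records is a constructed stand-in that writes a few files into a scratch directory; `fake_installer`, `record_file_activity` and `fits_on_disk` are names chosen for this example.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, tuple[int, str]]:
    """Map every regular file below root (posix-style relative path) to (size, sha256)."""
    snap = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            snap[p.relative_to(root).as_posix()] = (p.stat().st_size, _sha256(p))
    return snap


@dataclass
class FileActivity:
    created: dict[str, int] = field(default_factory=dict)   # path -> size after the action
    modified: dict[str, int] = field(default_factory=dict)  # path -> size after the action
    deleted: list[str] = field(default_factory=list)

    def bytes_written(self) -> int:
        """Footprint of the action: every created or rewritten file, counted in full."""
        return sum(self.created.values()) + sum(self.modified.values())


def record_file_activity(root: Path, action) -> FileActivity:
    """Snapshot root, run the action (e.g. 'press Install'), snapshot again and diff."""
    before = snapshot(root)
    action()
    after = snapshot(root)
    act = FileActivity()
    for rel, (size, digest) in after.items():
        if rel not in before:
            act.created[rel] = size
        elif before[rel][1] != digest:
            act.modified[rel] = size
    act.deleted = sorted(set(before) - set(after))
    return act


def fits_on_disk(act: FileActivity, target: Path) -> bool:
    """Replay pre-check: does the recorded footprint fit in the free space at target?"""
    return shutil.disk_usage(target).free >= act.bytes_written()


def fake_installer(target: Path) -> None:
    """Constructed stand-in for a real installer's disk activity (hypothetical, not a real program)."""
    (target / "app").mkdir(exist_ok=True)
    (target / "app" / "app.exe").write_bytes(b"MZ" + b"\0" * 1022)      # 1024 bytes
    (target / "app" / "config.ini").write_bytes(b"[main]\nfirst_run=1\n")  # 19 bytes
    (target / "readme.txt").write_bytes(b"installed\n")                   # overwrites an existing file
    (target / "stale.log").unlink()                                        # installer removes a file


def demo() -> FileActivity:
    """Run the stand-in installer in a scratch directory and return what it did, file by file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "readme.txt").write_bytes(b"old\n")   # pre-existing, will be modified
        (root / "stale.log").write_bytes(b"x")        # pre-existing, will be deleted
        return record_file_activity(root, lambda: fake_installer(root))


if __name__ == "__main__":
    activity = demo()
    for name, size in sorted(activity.created.items()):
        print(f"created   {name} ({size} bytes)")
    for name, size in sorted(activity.modified.items()):
        print(f"modified  {name} ({size} bytes)")
    for name in activity.deleted:
        print(f"deleted   {name}")
    print(f"footprint {activity.bytes_written()} bytes; fits now: {fits_on_disk(activity, Path.cwd())}")
```

Hashing rather than comparing timestamps is what makes the diff trustworthy: an installer that rewrites a file with identical content does not show up as a change, and one that touches a file's bytes does, regardless of how the OS handles mtimes. The footprint is deliberately an over-approximation (rewritten files are counted in full), which is the safe direction when the goal is to leave the disk with "a bit less than the app needs".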

I then experimented with another application, and I was a bit surprised at how eager it was to report over the network what was happening with it (even before any license terms were accepted...).



Cool stuff... like taking an X-ray of an app. It is still at quite an early stage, but my proofs of concept worked as expected and it looks promising. (Sorry, I did not have enough time for better screenshots.)

In related news... nope, the code is not ready yet, buuuuuuuuuuuut keep an eye on https://github.com/F-Secure/murphy because either late today or tomorrow it will happen (if the caffeine can keep me up and running for the final checks...)

-Mat
